vboot2: Add host library functions to read/write new-format key objects

And unit tests for them.

BUG=chromium:423882
BRANCH=none
TEST=make runtests && VBOOT2=1 make runtests

Change-Id: I720bfb2537bae60f05b5ce28ab196a331a82eedf
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/230931

firmware/2lib/include/2common.h

@@ -288,6 +288,20 @@ int vb2_unpack_key2(struct vb2_public_key *key,
 		    const uint8_t *buf,
 		    uint32_t size);
 
+/**
+ * Unpack the RSA data fields for a public key
+ *
+ * This is called by vb2_unpack_key2() to extract the arrays from a packed key.
+ * These elements of *key will point inside the key_data buffer.
+ *
+ * @param key		Destination key for RSA data fields
+ * @param key_data	Packed key data (from inside a packed key buffer)
+ * @param key_size	Size of packed key data in bytes
+ */
+int vb2_unpack_key2_data(struct vb2_public_key *key,
+			 const uint8_t *key_data,
+			 uint32_t key_size);
+
 /**
  * Return expected signature size for a signature/hash algorithm pair
  *

firmware/2lib/include/2return_codes.h

@@ -472,6 +472,83 @@ enum vb2_return_code {
 	/* Unable to write data in write_file() */
 	VB2_ERROR_WRITE_FILE_DATA,
 
+        /**********************************************************************
+	 * Errors generated by host library key functions
+	 */
+	VB2_ERROR_HOST_KEY = VB2_ERROR_HOST_BASE + 0x020000,
+
+	/* Unable to allocate key  in vb2_private_key_read_pem() */
+	VB2_ERROR_READ_PEM_ALLOC,
+
+	/* Unable to open .pem file in vb2_private_key_read_pem() */
+	VB2_ERROR_READ_PEM_FILE_OPEN,
+
+	/* Bad RSA data from .pem file in vb2_private_key_read_pem() */
+	VB2_ERROR_READ_PEM_RSA,
+
+	/* Unable to set private key description */
+	VB2_ERROR_PRIVATE_KEY_SET_DESC,
+
+	/* Bad magic number in vb2_private_key_unpack() */
+	VB2_ERROR_UNPACK_PRIVATE_KEY_MAGIC,
+
+	/* Bad common header in vb2_private_key_unpack() */
+	VB2_ERROR_UNPACK_PRIVATE_KEY_HEADER,
+
+	/* Bad key data in vb2_private_key_unpack() */
+	VB2_ERROR_UNPACK_PRIVATE_KEY_DATA,
+
+	/* Bad struct version in vb2_private_key_unpack() */
+	VB2_ERROR_UNPACK_PRIVATE_KEY_STRUCT_VERSION,
+
+	/* Unable to allocate buffer in vb2_private_key_unpack() */
+	VB2_ERROR_UNPACK_PRIVATE_KEY_ALLOC,
+
+	/* Unable to unpack RSA key in vb2_private_key_unpack() */
+	VB2_ERROR_UNPACK_PRIVATE_KEY_RSA,
+
+	/* Unable to set description in vb2_private_key_unpack() */
+	VB2_ERROR_UNPACK_PRIVATE_KEY_DESC,
+
+	/* Unable to create RSA data in vb2_private_key_write() */
+	VB2_ERROR_PRIVATE_KEY_WRITE_RSA,
+
+	/* Unable to allocate packed key buffer in vb2_private_key_write() */
+	VB2_ERROR_PRIVATE_KEY_WRITE_ALLOC,
+
+	/* Unable to write file in vb2_private_key_write() */
+	VB2_ERROR_PRIVATE_KEY_WRITE_FILE,
+
+	/* Unable to determine key size in vb2_public_key_alloc() */
+	VB2_ERROR_PUBLIC_KEY_ALLOC_SIZE,
+
+	/* Unable to allocate buffer in vb2_public_key_alloc() */
+	VB2_ERROR_PUBLIC_KEY_ALLOC,
+
+	/* Unable to set public key description */
+	VB2_ERROR_PUBLIC_KEY_SET_DESC,
+
+	/* Unable to read key data in vb2_public_key_read_keyb() */
+	VB2_ERROR_READ_KEYB_DATA,
+
+	/* Wrong amount of data read in vb2_public_key_read_keyb() */
+	VB2_ERROR_READ_KEYB_SIZE,
+
+	/* Unable to allocate key buffer in vb2_public_key_read_keyb() */
+	VB2_ERROR_READ_KEYB_ALLOC,
+
+	/* Error unpacking RSA arrays in vb2_public_key_read_keyb() */
+	VB2_ERROR_READ_KEYB_UNPACK,
+
+	/* Unable to read key data in vb2_packed_key_read() */
+	VB2_ERROR_READ_PACKED_KEY_DATA,
+
+	/* Bad key data in vb2_packed_key_read() */
+	VB2_ERROR_READ_PACKED_KEY,
+
+	/* Unable to determine key size in vb2_public_key_pack() */
+	VB2_ERROR_PUBLIC_KEY_PACK_SIZE,
+
         /**********************************************************************
 	 * Highest non-zero error generated inside vboot library.  Note that
 	 * error codes passed through vboot when it calls external APIs may

firmware/2lib/include/2struct.h

@@ -208,19 +208,22 @@ struct vb2_fw_preamble {
  */
 enum vb2_struct_common_magic {
 	/* "Vb2B" = vb2_keyblock2.c.magic */
-	VB2_MAGIC_KEYBLOCK2        = 0x42326256,
+	VB2_MAGIC_KEYBLOCK2		= 0x42326256,
 
 	/* "Vb2F" = vb2_fw_preamble.c.magic */
-	VB2_MAGIC_FW_PREAMBLE2     = 0x46326256,
+	VB2_MAGIC_FW_PREAMBLE2		= 0x46326256,
+
+	/* "Vb2I" = vb2_packed_private_key2.c.magic */
+	VB2_MAGIC_PACKED_PRIVATE_KEY2	= 0x49326256,
 
 	/* "Vb2K" = vb2_kernel_preamble.c.magic */
-	VB2_MAGIC_KERNEL_PREAMBLE2 = 0x4b326256,
+	VB2_MAGIC_KERNEL_PREAMBLE2	= 0x4b326256,
 
 	/* "Vb2P" = vb2_packed_key2.c.magic */
-	VB2_MAGIC_PACKED_KEY2      = 0x50326256,
+	VB2_MAGIC_PACKED_KEY2		= 0x50326256,
 
 	/* "Vb2S" = vb2_signature.c.magic */
-	VB2_MAGIC_SIGNATURE2       = 0x53326256,
+	VB2_MAGIC_SIGNATURE2		= 0x53326256,
 };
 
 
@@ -356,6 +359,45 @@ struct vb2_packed_key2 {
 #define EXPECTED_VB2_PACKED_KEY2_SIZE					\
 	(EXPECTED_VB2_STRUCT_COMMON_SIZE + EXPECTED_GUID_SIZE + 16)
 
+/* Current version of vb2_packed_private_key2 struct */
+#define VB2_PACKED_PRIVATE_KEY2_VERSION_MAJOR 3
+#define VB2_PACKED_PRIVATE_KEY2_VERSION_MINOR 0
+
+/*
+ * Packed private key data, version 2
+ *
+ * The key data must be arranged like this:
+ *     1) vb2_packed_private_key2 header struct h
+ *     2) Key description (pointed to by h.c.fixed_size)
+ *     3) Key data key (pointed to by h.key_offset)
+ */
+struct vb2_packed_private_key2 {
+	/* Common header fields */
+	struct vb2_struct_common c;
+
+	/* Offset of key data from start of this struct */
+	uint32_t key_offset;
+
+	/* Size of key data in bytes (NOT strength of key in bits) */
+	uint32_t key_size;
+
+	/* Signature algorithm used by the key (enum vb2_signature_algorithm) */
+	uint16_t sig_alg;
+
+	/*
+	 * Hash digest algorithm used with the key (enum vb2_hash_algorithm).
+	 * This is explicitly specified as part of the key to prevent use of a
+	 * strong key with a weak hash.
+	 */
+	uint16_t hash_alg;
+
+	/* Key GUID */
+	struct vb2_guid guid;
+} __attribute__((packed));
+
+#define EXPECTED_VB2_PACKED_PRIVATE_KEY2_SIZE				\
+	(EXPECTED_VB2_STRUCT_COMMON_SIZE + EXPECTED_GUID_SIZE + 12)
+
 /* Current version of vb2_signature2 struct */
 #define VB2_SIGNATURE2_VERSION_MAJOR 3
 #define VB2_SIGNATURE2_VERSION_MINOR 0